In the News: spying TVs and tea kettles, data leaks

In the News – November 2013

Kristian A. Bognaes, Director, Norman Safeground Development Center

– November was not a very unusual month when it comes to computer security news stories. A few items were out of the ordinary, though, and deserve mentioning. There is a common theme for these stories that I will get back to.

Spying TVs

News stories that involve proprietary and embedded devices are always my favorites. One recent story was about the so-called Smart TV’s from a certain manufacturer, and how they would seemingly send data on the network with information about what channels a TV viewer would be watching. Additionally, the TV’s report the names of any files that the viewer has attached to the TV through a USB disk drive of flash device. We can all assume that usage statistics is gathered through the cable- and streaming services that we subscribe to, but we agree to that when we accept the EULAs. In this case, no documentation had been published that these TV’s would gather data and send it off for some undetermined purposes. A fix has been promised by the manufacturer.

Spying tea kettles

Several sources have reported that a shipment of Chinese water kettles to Russia were found to contain suspicious electronics. It is suspected that the chips would be able to attach to any unsecured Wi-Fi network within reach. Details about this remain sketchy, so it is too early to say what this is all about. It is definitely one of the more unusual and bizarre news items lately.

Massive data leaks

A more serious area of news involves some massive security breaches into large online services. Starting out as 3 million customer records stolen from Adobe, this number has now reached more than 150 million records and may be the biggest data theft in history. Another breach from earlier this year became known almost at the same time, when a security researcher found user data on about 40 million users connected to an online dating company. While the breaches are serious enough, they also give us insight into the password habits of online users. Needless to say, a lot of education is needed to make the average user understand the importance of having strong passwords and to change them regularly.

Sound-activated malware

Another piece of unusual news originated from security researcher Dragos Ruiu in Canada. As it turns out, it is possible that some malware may be communicating between PC’s using sound via the speakers and microphones that most computers have available. A separate research paper confirming that this is indeed possible was also published this month. Those strange sounds that you keep hearing may not only be in your head!

The common theme

Perhaps with the exception of the sound-activated malware, there is a common theme to these news stories: protecting your data. Protect your data and communications by encrypting it, and use strong passwords that you change frequently. The data breaches at the larger companies also teach us that you should always use different passwords on different sites. Unbelievable as it may seem, some online services may actually store users’ passwords in the clear. Your only protection then is to make sure that your password is not usable anywhere else. Furthermore, you should be aware that hardware you surround yourself with in your daily life may be sharing data about you without your knowledge.